|
@@ -0,0 +1,257 @@
|
|
|
+#!/bin/bash
|
|
|
+#
|
|
|
+# sshd Start up the OpenSSH server daemon
|
|
|
+#
|
|
|
+# chkconfig: 2345 55 25
|
|
|
+# description: SSH is a protocol for secure remote shell access. \
|
|
|
+# This service starts up the OpenSSH server daemon.
|
|
|
+#
|
|
|
+# processname: sshd
|
|
|
+# config: /etc/ssh/ssh_host_key
|
|
|
+# config: /etc/ssh/ssh_host_key.pub
|
|
|
+# config: /etc/ssh/ssh_random_seed
|
|
|
+# config: /etc/ssh/sshd_config
|
|
|
+# pidfile: /var/run/sshd.pid
|
|
|
+
|
|
|
+### BEGIN INIT INFO
|
|
|
+# Provides: sshd
|
|
|
+# Required-Start: $local_fs $network $syslog
|
|
|
+# Required-Stop: $local_fs $syslog
|
|
|
+# Should-Start: $syslog
|
|
|
+# Should-Stop: $network $syslog
|
|
|
+# Default-Start: 2 3 4 5
|
|
|
+# Default-Stop: 0 1 6
|
|
|
+# Short-Description: Start up the OpenSSH server daemon
|
|
|
+# Description: SSH is a protocol for secure remote shell access.
|
|
|
+# This service starts up the OpenSSH server daemon.
|
|
|
+### END INIT INFO
|
|
|
+
|
|
|
+# source function library
|
|
|
+. /etc/rc.d/init.d/functions
|
|
|
+
|
|
|
+# pull in sysconfig settings
|
|
|
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
|
|
|
+
|
|
|
+RETVAL=0
|
|
|
+prog="sshd"
|
|
|
+lockfile=/var/lock/subsys/$prog
|
|
|
+
|
|
|
+# Some functions to make the below more readable
|
|
|
+KEYGEN=/usr/bin/ssh-keygen
|
|
|
+SSHD=/usr/sbin/sshd
|
|
|
+RSA1_KEY=/etc/ssh/ssh_host_key
|
|
|
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
|
|
|
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
|
|
|
+ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
|
|
|
+PID_FILE=/var/run/sshd.pid
|
|
|
+
|
|
|
+runlevel=$(set -- $(runlevel); eval "echo \$$#" )
|
|
|
+
|
|
|
+do_rsa1_keygen() {
|
|
|
+ if [ ! -s $RSA1_KEY ]; then
|
|
|
+ echo -n $"Generating SSH1 RSA host key: "
|
|
|
+ rm -f $RSA1_KEY
|
|
|
+ if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
|
|
|
+ chmod 600 $RSA1_KEY
|
|
|
+ chmod 644 $RSA1_KEY.pub
|
|
|
+ if [ -x /sbin/restorecon ]; then
|
|
|
+ /sbin/restorecon $RSA1_KEY.pub
|
|
|
+ fi
|
|
|
+ success $"RSA1 key generation"
|
|
|
+ echo
|
|
|
+ else
|
|
|
+ failure $"RSA1 key generation"
|
|
|
+ echo
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+do_rsa_keygen() {
|
|
|
+ if [ ! -s $RSA_KEY ]; then
|
|
|
+ echo -n $"Generating SSH2 RSA host key: "
|
|
|
+ rm -f $RSA_KEY
|
|
|
+ if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
|
|
+ chmod 600 $RSA_KEY
|
|
|
+ chmod 644 $RSA_KEY.pub
|
|
|
+ if [ -x /sbin/restorecon ]; then
|
|
|
+ /sbin/restorecon $RSA_KEY.pub
|
|
|
+ fi
|
|
|
+ success $"RSA key generation"
|
|
|
+ echo
|
|
|
+ else
|
|
|
+ failure $"RSA key generation"
|
|
|
+ echo
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+do_dsa_keygen() {
|
|
|
+ if [ ! -s $DSA_KEY ]; then
|
|
|
+ echo -n $"Generating SSH2 DSA host key: "
|
|
|
+ rm -f $DSA_KEY
|
|
|
+ if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
|
|
+ chmod 600 $DSA_KEY
|
|
|
+ chmod 644 $DSA_KEY.pub
|
|
|
+ if [ -x /sbin/restorecon ]; then
|
|
|
+ /sbin/restorecon $DSA_KEY.pub
|
|
|
+ fi
|
|
|
+ success $"DSA key generation"
|
|
|
+ echo
|
|
|
+ else
|
|
|
+ failure $"DSA key generation"
|
|
|
+ echo
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+do_ecdsa_keygen() {
|
|
|
+ if [ ! -s $ECDSA_KEY ]; then
|
|
|
+ echo -n $"Generating SSH2 ECDSA host key: "
|
|
|
+ rm -f $ECDSA_KEY
|
|
|
+ if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
|
|
|
+ chmod 600 $ECDSA_KEY
|
|
|
+ chmod 644 $ECDSA_KEY.pub
|
|
|
+ if [ -x /sbin/restorecon ]; then
|
|
|
+ /sbin/restorecon $ECDSA_KEY.pub
|
|
|
+ fi
|
|
|
+ success $"ECDSA key generation"
|
|
|
+ echo
|
|
|
+ else
|
|
|
+ failure $"ECDSA key generation"
|
|
|
+ echo
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+do_restart_sanity_check()
|
|
|
+{
|
|
|
+ $SSHD -t
|
|
|
+ RETVAL=$?
|
|
|
+ if [ $RETVAL -ne 0 ]; then
|
|
|
+ failure $"Configuration file or keys are invalid"
|
|
|
+ echo
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+start() {
|
|
|
+ [ -x $SSHD ] || exit 5
|
|
|
+ [ -f /etc/ssh/sshd_config ] || exit 6
|
|
|
+ # Create keys if necessary
|
|
|
+ if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
|
|
|
+ do_rsa_keygen
|
|
|
+ if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
|
|
|
+ do_rsa1_keygen
|
|
|
+ do_dsa_keygen
|
|
|
+ do_ecdsa_keygen
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+
|
|
|
+ cp -af /etc/localtime /var/empty/sshd/etc
|
|
|
+
|
|
|
+ echo -n $"Starting $prog: "
|
|
|
+ $SSHD $OPTIONS && success || failure
|
|
|
+ RETVAL=$?
|
|
|
+ [ $RETVAL -eq 0 ] && touch $lockfile
|
|
|
+ echo
|
|
|
+ return $RETVAL
|
|
|
+}
|
|
|
+
|
|
|
+stop() {
|
|
|
+ echo -n $"Stopping $prog: "
|
|
|
+ if [ -n "`pidfileofproc $SSHD`" ] ; then
|
|
|
+ killproc $SSHD
|
|
|
+ else
|
|
|
+ failure $"Stopping $prog"
|
|
|
+ fi
|
|
|
+ RETVAL=$?
|
|
|
+ # if we are in halt or reboot runlevel kill all running sessions
|
|
|
+ # so the TCP connections are closed cleanly
|
|
|
+ if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
|
|
|
+ trap '' TERM
|
|
|
+ killall $prog 2>/dev/null
|
|
|
+ trap TERM
|
|
|
+ fi
|
|
|
+ [ $RETVAL -eq 0 ] && rm -f $lockfile
|
|
|
+ echo
|
|
|
+}
|
|
|
+
|
|
|
+reload() {
|
|
|
+ echo -n $"Reloading $prog: "
|
|
|
+ if [ -n "`pidfileofproc $SSHD`" ] ; then
|
|
|
+ killproc $SSHD -HUP
|
|
|
+ else
|
|
|
+ failure $"Reloading $prog"
|
|
|
+ fi
|
|
|
+ RETVAL=$?
|
|
|
+ echo
|
|
|
+}
|
|
|
+
|
|
|
+restart() {
|
|
|
+ stop
|
|
|
+ start
|
|
|
+}
|
|
|
+
|
|
|
+force_reload() {
|
|
|
+ restart
|
|
|
+}
|
|
|
+
|
|
|
+do_status() {
|
|
|
+ status -p $PID_FILE openssh-daemon
|
|
|
+}
|
|
|
+
|
|
|
+is_running() {
|
|
|
+ do_status >/dev/null 2>&1
|
|
|
+}
|
|
|
+
|
|
|
+case "$1" in
|
|
|
+ start)
|
|
|
+ is_running && exit 0
|
|
|
+ start
|
|
|
+ ;;
|
|
|
+ stop)
|
|
|
+ if ! is_running; then
|
|
|
+ rm -f $lockfile
|
|
|
+ exit 0
|
|
|
+ fi
|
|
|
+ stop
|
|
|
+ ;;
|
|
|
+ restart)
|
|
|
+ restart
|
|
|
+ ;;
|
|
|
+ reload)
|
|
|
+ is_running || exit 7
|
|
|
+ reload
|
|
|
+ ;;
|
|
|
+ force-reload)
|
|
|
+ force_reload
|
|
|
+ ;;
|
|
|
+ condrestart|try-restart)
|
|
|
+ is_running || exit 0
|
|
|
+ if [ -f $lockfile ] ; then
|
|
|
+ do_restart_sanity_check
|
|
|
+ if [ $RETVAL -eq 0 ] ; then
|
|
|
+ stop
|
|
|
+ # avoid race
|
|
|
+ sleep 3
|
|
|
+ start
|
|
|
+ else
|
|
|
+ RETVAL=6
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
+ status)
|
|
|
+ do_status
|
|
|
+ RETVAL=$?
|
|
|
+ if [ $RETVAL -eq 3 -a -f $lockfile ] ; then
|
|
|
+ RETVAL=2
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
+ *)
|
|
|
+ echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"
|
|
|
+ RETVAL=2
|
|
|
+esac
|
|
|
+exit $RETVAL
|